By Jan Lindquist, Christoph L. Fabianek and Sebastian Haas
Introduction
In the era of digital transformation, data has become the lifeblood of businesses, especially in the realm of supply chain management. The ability to share and exchange data seamlessly across different organisations and systems is crucial for operational efficiency, cost reduction, and customer satisfaction. This is where data agreements come into play. Data agreements are essentially contracts that define the terms and conditions for data sharing between different entities from a source to a third-party. They set the usage policies for data access, ensuring that all parties involved adhere to the agreed-upon rules and regulations.
The Decentralized Identity Foundation (DIF) has established a task force referred to as the "Data Agreement". This group is actively developing a specification that delineates the structure of data agreements. DIF's data agreements are rooted in the General Data Protection Regulation (GDPR) principles, and incorporate the recording of consent notices. However, as this post will expound, such an arrangement can be effectively applied across a wide array of supply chain management domains, including but not limited to agriculture, energy, and transportation.
Domain Specific Data Agreements
To facilitate data sharing in a more structured and well defined way a vocabulary or ontology is needed. To achieve this a Domain Specific Data Agreements (D2A) is used. Such agreements allow organisations to communicate through an intermediary the allowed usage policies for data access within a specific domain. The intermediary has then all the information to match and validate the usage policy in order to create a Domain Specific Data Disclosure Agreement (D3A).
The following diagram shows a parallel example between domain-specific data agreements and privacy based data agreements. A further explanation of privacy based data agreements can be found in this “Data Exchange Agreements” white paper from iGrant.io.
Agreement VC
One of the key technologies enabling data agreements are Verifiable Credentials (VCs). VCs are digital representations of information that a verifier might require, such as the age or the citizenship of an individual. In the context of data agreements, a VC could be created to represent the agreement itself. This VC would contain the details of the agreement and could be cryptographically signed by the parties involved. This ensures the authenticity and integrity of the agreement, providing a secure foundation for data exchange. An example for such a VC is provided in the listing below.
{ "@context": ["https://www.w3.org/ns/credentials/v2"], "type": ["VerifiableCredential"], "identifier": "https://babelfish.data-container.net/credentials/zQmeC…4H7", "issuer": [ "did:oyd:zQme7…Fmp%40babelfish.data-container.net", "did:oyd:zQmY…W1z%40babelfish.data-container.net" ], "issuanceDate": "2023-02-13T00:36:33Z", "credentialSubject": [ { "id": "did:oyd:zQme7…Fmp%40babelfish.data-container.net", "type": "source", "name": "Data Source Name" }, { "id": "did:oyd:zQmY7…W1z%40babelfish.data-container.net", "type": "controller", "name": "Data Intermediary" }, { "id": "did:oyd:zQmY7…W1z%40babelfish.data-container.net", "dataAgreement": { "purposes": ["the actual Domain-specific Data Agreement"] } } ], "proof": [ { "type": "Ed25519Signature2020", "verificationMethod": "did:oyd:zQme7…Fmp%40babelfish.data-container.net", "proofPurpose": "assertionMethod", "proofValue": "zqdK…3Ho" }, { "type": "Ed25519Signature2020", "verificationMethod": "did:oyd:zQmY7…W1z%40babelfish.data-container.net", "proofPurpose": "assertionMethod", "proofValue": "z2pU…YVt" } ] } |
Semantic Overlay Architecture (SOyA)
Semantic Overlay Architecture (SOyA) is another crucial component of data agreements. It's a lightweight, semantic-web-based approach to describe data structures in simple terminology. SOyA includes groups of data records with the same attributes, references between data records, and additional information in the form of overlays for these data structures. It serves as the underlying mechanism for all data management tasks in supply chain management. The SOyA structure for Data Agreements in the supply chain management domain is provided below and can also be found here together with additional overlays. Use this link to create a Data Agreement.
meta: name: D2A
content: bases: - name: DataAgreement attributes: purposes: set<DApurpose> - name: DApurpose attributes: purpose_description: String purpose: set<String> processing: set<String> storage_location: set<String> recipient: set<String> retention_period: String service: String geographic_restriction: String jurisdiction: String withdrawal_method: String authority_party: String cii_information: CII data_source: DataSubject data_intermediary: DataSubject allowed_data_users: set<String> - name: CII attributes: attribute_id: String attribute_type: set<String> sensitivity: Boolean data_optional: Boolean - name: DataSubject attributes: organization_id: String name: String address: String party_type: String |
Supply Chain Management Use Case
In supply chain management, data exchange is vital. For instance, a manufacturer needs to share production data with a distributor, who in turn needs to share inventory data with a retailer. By leveraging DIDs, VCs, SOyA, and Domain Specific Data Agreements, this data exchange can be automated, secure, and efficient. It allows for better coordination, communication, and performance tracking across the supply chain, ultimately leading to improved efficiency, reduced costs, and increased customer satisfaction. The figure below shows the detailed data exchange between Organisation A and B.
Conclusion
In conclusion, data agreements are revolutionizing supply chain management by enabling secure, efficient, and automated data exchange. By leveraging technologies like DIDs, VCs, and SOyA, and implementing Domain Specific Data Agreements, organisations can reap the benefits of digital transformation in supply chain management. As we move forward, we can expect to see more innovative use cases and applications of these technologies in the realm of supply chain management.
This blog post was created in the course of the Babelfish project. This project has received funding from the European Union’s Horizon 2020 research and innovation program through the NGI ONTOCHAIN program under cascade funding agreement No 957338.
References
[1] DIF Data Agreement task force on Github
[2] Data Exchange Agreements An iGrant.io Whitepaper, November 2022, version 2.2
[3] Semantic Overlay Architecture Specification
[4] Babelfish - NGI ONTOCHAIN Gateway API project page